So, where do you go from here? To begin with, check the new ASP.NET created by Microsoft. The .NET framework was developed by Microsoft in order to integrate the new software and technologies, particularly the powerful XML. So, now there is a Visual Studio .NET, and plenty of things to do with it.

You can download the entire .NET SDK (a little over 100 MB), or just the parts of it you plan to use. Once you install it, you'll see that it doesn't affect your regular ASP applications, they continue working just as well. Moreover, it uses different file extensions (.aspx is the most common), so it won't overwrite your other ASP files. This also means that regular ASP and ASP.NET do not share information – for instance, an ASP application will use the Global.asa file, while the ASP.NET application will use the Global.asax file, even when they are installed on the same machine and perform the same function. You can continue writing your code in Notepad, you don't need anything fancy for the .NET applications.

Perhaps the most obvious application for the ASP is that of setting up e-commerce sites, or web sites for newspapers and magazines, because it is so easy to handle security issues, multiple users and quick updates. You can also organize a download center, or web-based file manager, you can insert a poll or a virtual voting booth on your site, a guestbook, you can insert and control banners and ads, handle the statistics about the number of people visiting or even create your own online games. You will find on the Internet free codes that will help you considerably… so, from this moment on, the choice is yours!

All programmers have mistakes in their scripts, it's impossible not to make some. There are several methods to detect and correct them. Microsoft offers a Script Debugger which can be a useful tool, particularly if you've used Microsoft technology all over (ASP and Access, and the JScript or VB languages).

Note that you have to enable the Debugger, before you can start using it. It will allow you to do different things, such as to run only parts of your code, to see if they're working, or to check the evolution of the variables as the script develops. With this tool you can insert breakpoints, which will stop your script from running at a certain moment, so you can have a closer look of how it behaved until then. You cannot make modifications in your script directly in the Debugger, you need to open the editor in which you wrote the code lines initially, and to modify your code where it is.

When your code is not working, you should check for syntax mistakes, as they are the most common, and the most annoying. It can be anything, a typing mistake, a misspelled word, missing quotation marks, and so on. In most cases, if your script doesn't run at all, then you probably have a very simple, basic mistake.

If your script seems to runs smoothly, but its results are incorrect, then you probably have a logic mistake. These are a little trickier to handle, and it often means that your approach was mistaken from the very beginning, and you will have a lot of modifications to make. Check your "loops" and "ifs", one of the most common logical mistakes is found in the conditions for the "ifs".

There are also run-time errors. This means that the script found an operation which is impossible to perform, and so it has to stop. You need to correct that error before your script continues working.

IIS5 also offers an object called ASPError. You can only use it with the method called Server.GetLastError(), and it will give you data about the problems encountered with the script. Its properties include Source (which returns the actual code line which caused the error), File (the name of the file that generated the error), Description (yes, this is actually a brief description of the error), Column (the column position within the file that generated the error) and Category (which attempts to tell you what type of error it was, if it was caused by an ASP script or by an object, and so on). If the error is ASP-related, you can also use the property ASPDescription, which returns a more detailed description of the error.

The ASPError object can help you set up a centralized way of dealing with errors. Sometimes you can't be there to correct the error, or maybe you want the script to send you an e-mail with the description of the error. This tool is very useful when you are dealing with large scripts and when you want more than one person to handle the errors. You can also use it to create some custom-made, user friendly error messages.

You started learning ASP because you need to create a big, complex site, interactive and easy to update - otherwise, you can use the HTML and save all this trouble. So, if you have a lot of information, you need to store it someplace, and order it - so you'll end up putting it in a database.

ASP works well with databases, in fact, it was designed with this purpose in mind. You can modify the data in the database, and your web site will modify by itself, quickly and without messing up the rest of the application. For ASP, you can use any database you want, but, as it is Microsoft technology, it would probably be better to use Microsoft Access, which is not only fully compatible with ASP, but also easy to use, intuitive and it comes with every Microsoft Office CD. So, if you have Word and Excel on your computer, you have Access as well. Spend some time to get familiar with it. You will need to organize your data carefully, since the database will represent the "skeleton" of your entire application. If you want to, you can use MS SQL Server, Oracle, MySQL Databases or any other type of database you are familiar with, it won't make a big difference.

Then, you need to connect the database, and there are two methods to do with: with or without DNS (Data Source Name). If your site is hosted by a company (as is usually happens), you have to contact them and ask them to set up the DNS for you (you won't take them by surprise with this request, I'm sure they've heard of it before). You will have to tell them where your database is located, and the name chosen for your DNS.

In order to make the interaction with the database easier, Microsoft has created a group of objects - also known as the ADO technology (ActiveX Data Objects). There is a Connection Object, for the connection with your database, and a Recordset Object, for getting the data out of the database. These objects act just like the one we've seen before, and they have properties and methods too. For instance, the Connection object has methods such as Open, Close, Execute, and properties such as ConnectionTimeOut, State, Provider, Version. As you can see, they are in plain English, it's quite easy to understand what each of them does.

Besides using the RecordSet object, another method of adding records to the database is by using SQL statements. SQL stands for Structured Query Language and it represents the standard language that deals with databases. It is also quite intuitive, for instance, the statement you will be using in order to add a record is "insert". You will also find statements such as "select", "delete" and "update". With the "insert" statement, you will need to tell it the name of the database, the fields, or columns where you want the data inserted, and the actual data you want to insert, like this:

insert into database_name (column01, column02) values ("value01″, "value02″)

A database can store anything. You can ad pictures, HTML forms, anything else you see on the Internet today. It is important to keep them well organized, do not mix data that don't belong together, or are not of the same time, and pay close attention to the relations among them. The best design you can create for your page will not help the users, if they have problems accessing the content.

Once you start using databases, you actually use the ASP for the purpose it was designed. As your scripts get bigger and more complex, they are also a bit more difficult to handle. You can write a code separately, and then include it where you need it. For this, you have the #include directive, used for elements that you want to keep separately, for better organization, or that you want to re-use on several pages. The syntax is:

<!–#include file ="file_name"–>

The Session object helps identify the user for a longer period of time. Think of what happens when you log in into an Internet-based mail account. You have to input your username and password only once - this starts your session - and then you can read and send email for as long as you want. When you hit the "Log out" button, or you close the browser window, your session comes to and, and the application doesn't know who you are anymore.

In order to solve the identification issue, ASP creates a unique cookie for each user - a sort of passport, and we've seen how it's done. The Session object stores the information about the users. Each user has a different Session object, and the server destroys this object when the session expires. The values contained in the Session object can be accessed by all the pages of your ASP web site - otherwise the user would have to input the data on every page. The fact that all applications share the same cookies may raise some securities issue. Keep in mind that ASP offers some encryption options.

The Session object has two collections: Contents and StaticObjects.

In the Contents collection, you will find all the items appended to the session by a script command: Session.Contents (Key). The "Key" parameter, the name of the item to retrieve, is required. The StaticObjects collection contains all the items appended to the session with the HTML <object> tag.

The SessionID property returns the unique ID, generated by the server for each user. There is also a Timeout property, which sets or returns the timeout for the respective session, in minutes. The session will end after that number of minutes, unless the user refreshes the page, or requests a new page.

The Session object has a method called Abandon, which kills the user's session. When you use it, you'll see that it acts only after it executed the entire script on the respective page. There is also a method called Contents.Remove, which deletes items from the Contents. You can indicate the items to be deleted by their names or by their indexes.

The Session object has two events: Session_OnStart and Session_onEnd - which occur, of course, when a session is created and when a session ends (no matter the reason why it is brought to an end). Both of the events are placed in the Global.asa file. The Global.asa file is optional. The objects, methods and variables you declare in the Global.asa file are accessed by every page of your ASP application - so, if you have objects you need to use on every page, this is a great way of saving some time and many keystrokes. You can have only one Global.asa file for an application, and you must store it in the root directory of your application, or else the pages won't know where to look for it. You don't use <% %> in the Global.asa file - instead, you will have to place everything in the HTML <script> </script> tag. If you need to create new objects, you can do so here, using the <object> </object> tag.

When you have many visitors, you need to use Cookies to store information in your visitors' computers. Basically, what you do is send some bits of information to your clients, and then request it back, when you need to use it.

If you run a search on the Windows Help about cookies, you'll see that it's quite secretive about what they are and how you can set your computer to accept or reject them. As you will see, there are some users who have strong feelings about Cookies, and consider them an intrusion on their privacy. Some complex web sites, such as portals or e-commerce sites, can't work without them.

In order to create a Cookie, you need to place the command Response.Cookies before your <html> tag. You can also assign properties to a Cookie, such as the date when you want it to expire.

<%

Response.Cookies("MyFirstCookie") = "Test";

%>

This creates a cookie, named MyFirstCookie, with the value Test assigned to it, and which expires on the 1st of January 2005. If you want the cookie to expire as soon as your visitor leaves, the Expires property gets the value 1. Cookies that are valid only until the browser window is closed are called in-memory cookies, while those saved on the client's disk are called disk-based cookies.

In order to retrieve the value of the cookie, you will use the command Request.Cookies:

<%

x = Request.Cookies("MyFirstCookie");

Response.Write("MyFirstCookie has the value of " + x)

%>

The output will be "MyFirstCookie has the value of Test"

Using cookies, your page will be able to "identify" the visitors, allowing the offer of personalized content. If a user sends his name, through a form, a cookie can store it and use it later on. It can store other values, such as what links the user accessed, what item he chose from a list, and so on.

A cookie can contain more than one value, in which case these values are called keys:

Response.Cookies("MyFirstCookie")("Key1″) = "Japan";

Response.Cookies("MyFirstCookie")("Key2″) = "China";

Response.Cookies("MyFirstCookie")("Key3″) = "Austrlia";

When you need to reference the values in the cookie with keys, you have to use the key value:

Response.Write(Request.Cookies("MyFirstCookie") ("Key1″));

Response.Write(Request.Cookies("MyFirstCookie") ("Key2″));

Response.Write(Request.Cookies("MyFirstCookie") ("Key3″));

You can use the HasKeys property in order to check if one cookie has keys or not.

Not all browsers support cookies, and you need a way to avoid this problem. One way of doing so is by using forms. Forms, used in HTML, allow you to get some input from the user. In combination with the Request object from ASP, they can be used for a variety of ends. Let's say you want to create a form where the user inputs a name and age.

<form method="post" action="noCookies.asp">

Name: <input type="text" name="name" value="">

Age: <input type="text" name="age" value="">

<input type="submit" value="Submit">

</form>

This puts the forms on your page, and now you need the noCookies.asp file:

<%

name = Request.Form("name");

age = Request.Form("age");

Response.Write("Your name is " + name + " and your age is " + age);

%>

Another way of avoiding browsers that have to cookies is to put your parameters directly into the URL. ASP does not have a built-in method to determine whether a browser has the cookies enabled or not - there are other ways to deal with that problem, but we will not cover them now.

Finally, one last thing about cookies: when you create one, it automatically saves the path of the site that created it. In this way, when the user returns to the site, the cookie follows its path back to the server. You can change this path when you want, something useful one you want one cookie to correspond to two or more applications:

Response.Cookies("MyFirstCookie"). Path="http://server/softwareprojects/application/";

When you have to work with complex directors and file structures, you need objects and methods to manipulate them, and ASP has several such built-in options.

In order to work with the files and folders from your web server, you have the FileSystemObject. It can manipulate files, folders, directory paths and retrieve information about them. The drives you work with can be the hard disk, or removable disks, such as a CDRom or a Floppy Disk unit, and even a network drive.

Before you start using this object, keep in mind that it's not 100% secure. After all, the applications created modify the files existing on your server, and may cause quite major safety glitches, so make sure you use passwords to protect your applications. Also, try not to make them public. For the same reasons, some (quite a few) web hosting companies do not support this object, so check with your host to see if you are allowed to use it.

The FileSystemObject has a property called Drives, which returns the drives available for the computer:

var fso;

fso = new ActiveXObject("Scripting.FileSystemObject");

drives = fso.Drives;

Note that the result is not a single object, but a collection of drives. If you want to display all of them, you can use a for loop. You can also check to see if a file exists on the server:

var fso;

fso = new ActiveXObject("Scripting.FileSystemObject");

if(fso.FileExists("c:\windows\1.txt"))

{

Response.Write("Found file!");

}

else

{

Response.Write("Files does not exist.");

}

This little piece of script checks if file called "1.txt" exists in the windows folder on the server, and prints the results. Note that, when you are done, you have to explicitly remove the file from the memory of the server by using the keyword "nothing".

There are more methods available for the FileSystemObject. We will list here some of them, with their respective parameters, but remember that they can be dangerous, if not used correctly, and you may delete or "misplace" important files on your server for good:

DeleteFolder (name, force) - deletes the designated folder. The name indicates the name of the folder, while force indicates its behavior towards read-only folders and files. If the force attribute is set to true, than these files and folders will also be deleted.

MoveFolder(source, destination) - moves the folder from the source path to the destination path

BuildPath(path, name) - adds the file or folder indicated by the name to the respective path

GetParentFolderName(name) - pretty obvious, returns the name of the parent folder

Much in the same way, there are methods for working with files, which work exactly like those described above, for the folders:

CopyFile(source, destination, overwrite)

DeleteFile(name, force)

FileExists(name)

GetFile(name)

MoveFile(source, destination)

In addition, you can create and open a file:

CreateTextFile (name, overwrite) - creates a new text file with the given name. The overwrite parameter, set to true, means that it will overwrite a file with the same name, if this already exists.

OpenTextFile(name, create, format) - not only opens the file, but also returns at TextStream object that you can use to access the file.

As you probably figured it out by now, there are methods for working with Drives as well, in the same intuitive manner:

DriveExists (name) - returns the value true if the designated driver exists, and the false value if it doesn't

GetDrive(name) - returns a reference to the specified drive object

You can understand now why leaving these applications unprotected can be dangerous. At the same time, you will be faced with situations when many users have to access files or folders from your web server, and maybe even all of them at the same time. We'll see how you can handle that.

Let's remember the very first ASP script written, the one that looked like this:

Response.Write("Hello World!")

Now, try to guess what response and write() are. Of course, response is a built-in object of ASP, while write() is one of its methods. You can introduce HTML tags in the string, it will be interpreted correctly:

Response.Write("<b> Hello World! </b>")

The response object can do things far more powerful than write text and ad HTML code to your page. As the name implies, its function is to send a response to the user, an output from the server. Now, this brings us one huge step closer to the initial goal of learning ASP, that is, to allow the creation of dynamic, interactive web pages.

For instance, one property for the response object is called ContentType. By default this is set to text/html, but you can change it to anything else, such as image, or a specific type of image, like JPEG or GIF, or a certain application. Let's take a look at the following example:

<% Response.ContentType="application/vnd.ms-excel" %>

<html>

<title> Excel Table </title>

<body>

<table>

<tr>

<td> Washington

<td> Paris

<td> London

<td> Moscow

</tr>

</table>

</body> </html>

As you can see, this is a simple HTML table, but the user will see it as an Excel table, as long as this piece of software is installed on the respective computer. If it's not installed, then, well, it wasn't such a great idea. You can use this feature to constrain the user to viewer to use a certain program, or to constrain the content to accept only a certain type of input.

You've seen the message "404 Not Found" hundreds of times on the Internet. It is caused by a property of the response object, called Status. It is often found in a conditional statement, such as If the ip address is . then Response.Status="404 Not Found" or "401 Unauthorized".

Another property is Expires, which establishes a period of time (expressed in minutes) to keep a page cached on a browser before it expires. There is also a version of this property called ExpiresAbsolute, which does the same, but sets a specific date and time for the page to expire. If you don't want the page to be cached at all, you can set the Expires property to a negative value.

Response.Expires = -1

The Buffer property decides whether to buffer the content of the page - meaning that the server will not allow the user to load the content of the page until it processes all the server scripts, or until it runs the methods Flush or End. If you want to use this method, you need to place it before the actual HTML code, and set it to "true". For the earlier versions of IIS (before 5.0), this was set by default to "false", but in the 5.0 and later versions, the default is "true". This is useful if you want the browser to finish performing a loop before showing anything to the user.

We've already met two methods of the response object, End and Flush. The End method puts an end to the script, and returns the result processed until the respective moment. The Flush method sends the HMTL content that has already been buffered without any delay (without waiting for the rest of the content to be buffered as well).

One method that is quite common is the Redirect, looking like this:

Response.Redirect("http://www.softwareprojects.org")

Now let's take a look at the request object, used to obtain information from the user. It is really valuable in connection with forms, as shown in the following chapter. It has a property called TotalBytes, which returns the number of bytes sent by the client's request. This is read-only, as you cannot modify this value:

X = Request.TotalBytes

After this, you can use the method called BinaryRead(a), to retrieve the data the user sent to the server as part of a POST request. The data will be stored in safe array. You need to specify the parameter a, which is how many bites you want the method to read from the user (value usually equal to the X variable returned by the TotalBytes property above).

Besides all these, the Request object also has collections, including ServerVariables (containing all the server variables), QueryString (with all the variables in a HTTP query string), forms and cookies, which are the most important, and will be discussed in the following chapters.

Remember when we first introduced the objects, we used the example of a car, which is an object. But the car belongs to a class of objects, the vehicles. This is what happens to the programming objects as well.

You should think of classes as general blueprints for the respective objects. In other words, the classes contain types of objects, in a very wide sense of the word. A class of objects has all the properties and all the methods of the object, but a class is not an object. You should think of the class as a sort of definition of the actual object.

After spending so much time to define objects and their properties and methods, it may seem a waste of time to think about classes as well. But the very first time you'll have to deal with a really big project, you'll be thankful that these classes were invented. Keep in mind that you won't see classes at work, they are just blueprints, you use the objects defined, not the class itself.

For defining a new class, you use the class statement:

class ExampleClass

When you need an instance of the class, you have to use the new operator:

var x: ExampleClass = new ExampleClass

Classes have fields, which are a lot like properties, methods and constructors. A constructor is a method with the same name as the class, which runs when an instance of the class is created, with the new operator.

By default, all the members of the class are publicly accessible, but you can also make certain fields protected or private. Private fields can only be accessed by the other members of the same class, while protected fields can only be accessed by other members of the same class or members of the derived classes. This is called encapsulation, and it is one of the most powerful features of the object-oriented programming. By using it, a piece of code can read and use variables from your class, but it can't modify them, and this may be vital in certain instances. Also, you can use encapsulation to constrain the class members to do something, or to prevent them from doing something. If you define the class correctly from the very beginning, you can save a lot of time later on, and considerably reduce the chance of errors and mistakes.

One other major advantage of using classes is that it allows breaking down the script into modules. In this way, several programmers or several teams of programmers can work on the same script, without having to coordinate themselves perfectly. This is also useful for smaller scripts - if you want to ad another module later on, or if the original programmer left and somebody else needs to take over.

Last but not least, the classes have the so-called "inheritance" characteristic. This means that you can create a class based on another one, using the keyword extends, like this:

class ExampleClass extends DerivedClass

Now, our original class, ExampleClass, is now called base class, while the new one is called the derived class, and it takes its functionality from the definition of the base class. This means that you use a derived class when you want it to have all the properties and methods of its base class, plus something else. Once again, this little trick helps you avoid writing long lines of code over and over again, when you need something to perform basically the same function, with minor adjustments.

Inheritance is a really powerful tool. You should think of it as a relation of a child who "inherits" features from his parents, but is not the identical copy of the parent. Also, you should consider that you can use the inheritance feature from one "generation" to another as many times you need, to create derived classes from ones that originally derived, and so on.

If, at this point, you find classes and inheritance a bit confusing, you should spend some time reading and deciphering some examples of scripts already made. You will need quite a lot of practice to use them properly, but keep in mind that this is the core structure of any object-oriented scripting, very popular and very much in demand these days. So, both in web programming and in classic programming you are sure to run into objects and classes again.

The Object-Oriented Programming was one of the biggest breakthroughs programmers ever made. It's a different approach to programming, which will make your life a lot easier when you deal with long programs. You don't use the ASP because you want to write "Hello, world!" on a single web page. Instead, you will use it to create complex web sites, such as pages for electronic commerce, or polls and quizzes, or in order to manipulate a complex database. In these cases, you'll have to deal with many items and operations, and countless repetitions become boring and tiresome. Instead of writing the same code lines over and over again, you can now use the object-oriented programming.

This is not a new program, but rather, a new way of thinking. If you've spent some time studying HTML and DHTML, you're probably used to it, but if you've never met this concept, you should spend some time to make sure you understand it correctly.

Let's take one very simple example. Let's say you have a car, which, of course, is an object. Now, this car has some properties that differentiate it from other cars, like the number of doors, the speed, the color and so on. Besides, it also performs a number of actions: it accelerates, decelerates, stops. Well, in a programmer's language, the car is called "object", the properties are called, well "properties" or "variables" and the functions and actions are called "methods". And that's all there is to it.

Some objects are built-in, but others you'll need to define for yourself. In JScript, the built-in objects include string, date, math, and array. We will discuss them in detail in due time.

Methods are those operations that modify the object, by manipulating the variables. In our example, you manipulate the "speed" variable of the car object by using the acceleration and deceleration methods. Only an object's methods should modify its variables, you cannot do it directly. If you need to change the variable "color", for instance, you must have a method, called "painting", that will help you do that.

You will find a full list of JScript objects and their properties and methods in the JScript reference, available on the net. The general syntax is:

object.property_name object.method_name()

The String object is the one that works with text. One of its properties is called length, and it returns the number of characters of the respective string. One of its methods is called substring(), and it subtracts a string, contained between the specified values. For instance, substring(5,12) will return a string formed by all the characters between the 5th and the 12th character of the original string.

var str = "This is a demo script. You can modify it as much as you like. Copyright softwareprojects 2004″

document.write(str.length) // This will return the value 93

document.write(str.substring(0, 23)) // This will return the string This is a demo script.

document.write(str.toUpperCase()) // This will return the string THIS IS A DEMO SCRIPT

document.write(str.toLowerCase()) // This will return the string this is a demo script

Use these examples in your script and see what happens. As you can see, the names of the objects, their properties and their methods are quite easy to figure out - you don't need a lot of schooling to understand what a method called "toUpperCase()" does. Note that this method does not require any parameters - there is noting more to define for it, but the brackets are still needed.

Now that we've figured this one out, let's move on to the date object. You can assign the date to a variable, much in the same way as you assign a number or a string:

var x = new Date()

You can write down any parameters you want between brackets:

var x = new Date("January 1, 2004″)

var x = new Date("January 1, 2004 12:00:00″)

If you don't write any parameters, the script will simply use the date from the respective machine. The two main methods for this object are getDate(), which returns the date from an objects, and, for our variable x, looks like this:

x.getDate()

and setDate(), which sets the date of the month in an object, and looks like this:

x.setDate()

There are various different variations of the two, such as getDay(), getHours(), getMinutes(), setMonths(), setSeconds(). I think you got the idea. Experiment with the Date object a little. It's easy, simple and you see it used very often, on many web pages. This is the perfect object to help you get used to the syntax and the use of parameters.

The Math object deals with the basic mathematical constants and functions. Same as the rest of the objects discussed in this chapter, the Math object is already there, you don't need to create it, and you may find it very useful on occasions. It has functions such as PI, which returns the PI, naturally, and E, which returns the base of a natural logarithm. (If you can't remember what the natural base of a logarithm is, then give it a try and see if you can figure it out.) The methods are pretty neat, if you want to make some mathematical games, you have abs(x), which returns the absolute value of x, cox(x) - the cosine of x, round(x), which rounds x to the nearest integer, and random(), which returns a random number between 0 and 1.

When dealing with a large script, you will very often need to write additional "sub-scripts" that are called by the main script several times. This will save you a lot of time from rewriting the same piece of code every time you need it in the main script. Such "sub-scripts" are called functions. Their main purpose is to take some values, do some actions based on those values, and then return a new result. This way, you won't have to rewrite the pieces of code again and again, but merely call a function that implements that code.

Most of the times you will need to pass information to a function; you can do this by enclosing the information in parentheses after the function's name. These arguments - which is the name of the passed information - are separated by commas. But there are times when you won't need to specify any arguments - you will still need to add the parentheses after the name of the function, but nothing else within them.

There are two types of functions: built-in functions (functions that are built into the language) and user-defined functions (functions that are defined by the user). There are a lot of built-in functions, each one having its purpose, for example the eval() function that takes a string as an argument and evaluates the expression the string holds:

result = eval("(5 * 5) + 3″); //assigns the value 28 to the variable "result"

But the most important thing about functions is creating them on your own. To define a function you must first use the function statement and insert the function's name and arguments, then you must add the actual code. You can use "return" to assign a value to the function's result.

function make_sum(a, b, c) //don't add a semicolon in the end!

{

result = a + b + c;
return result;

}

As you can see, we assign the sum of the arguments a, b and c to the variable result, then we return the value this variable holds.

The result variable is a local variable, which means that it is used only within this function. Local variables are created and then destroyed every time the function is called, and they cannot be accessed by other functions outside it.